Matomo Analytics Cloud by InnoCraft - GDPR Roadmap

The General Data Protection Regulation (GDPR), also referred to RGPD in French, Datenschutz-Grundverordnung, DS-GVO in German, will come into force on May the 25th 2018.

On this page we are publishing our progress towards GDPR compliance.

GDPR is a long step process which requires a robust methodology. In order to do so, we chose to follow the checklist of the Information Commissioner’s Office in the United Kingdom.

STEP 1 - Documentation

  1. Have conducted an information audit to map data flows. - DONE
  2. Have documented what personal data we hold, where it came from, who we share it with and what we do with it.  - DONE

STEP 2 - Accountability and governance

  1. Have an appropriate data protection policy. - IN PROGRESS
  2. Decision makers and key people in your business demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business. - IN PROGRESS
  3. Manages information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively. - DONE
  4. Have implemented appropriate technical and organisational measures to show we have considered and integrated data protection into our processing activities. - IN PROGRESS
  5. Provide data protection awareness training for all staff. - IN PROGRESS
  6. Have sought prior written authorisation from the data controller before engaging the services of a sub-processor. - DONE
  7. Have appointed a representative within the EU in writing. - DONE
  8. Have effective processes to identify, report, manage and resolve any personal data breaches. - IN PROGRESS

STEP 3 - Individual rights

  1. Have a process to respond to a data controller’s request for information (following an individual's' request to access their personal data). - DONE
  2. Have a process to ensure that the personal data we hold remains accurate and up to date. - DONE
  3. Have a process to routinely and securely dispose of personal data that is no longer required in line with agreed timescales as stated within our contract with the data controller. - DONE
  4. Have a process to respond to a data controller’s request to suppress the processing of specific personal data. - DONE
  5. Can respond to a request from the data controller for the supply of the personal data we process in an electronic format. - DONE

Step 4 - Data security

  1. Have an information security policy supported by appropriate security measures. - IN PROGRESS

As you can see, we are working on all points regarding GDPR compliance and we plan to complete the work by May 25th.

Part of this document contains public sector information licensed under the Open Government Licence v3.0.